CVE-2020-35730CISA KEV: Actively Exploited

Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability

Published Jun 22, 2023·Updated Jun 22, 2023

Description

Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkref_addinindex in rcube_string_replacer.php.

Public Exploits & PoCs1 found

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free